Modern computer systems may comprise a variety of components, some of which are provided by third parties and some of which are developed in-house. Components developed in-house may receive frequent updates, for example to add new features or to fix defects. Such updates may introduce security vulnerabilities into the computer system, some of which may be difficult to locate. For example, a source code change that fixes a defect in one software component may pass unit tests, regression tests, “black box” tests, and other such tests, yet still introduce a security vulnerability through its interaction with other components in the system. Maintaining the security of such complex systems becomes more difficult when their components change frequently.
Software testing and, in particular, static code analysis may be used to identify some software vulnerabilities. In static code analysis, a software application is tested without actually executing it; the application is typically tested by processing and analyzing its source code. The entire source code of the application, or only portions of it, may be analyzed, for one or more of a variety of purposes, such as identifying possible coding errors, determining properties of the software application, or determining vulnerabilities. However, such analysis typically only identifies errors and vulnerabilities; it performs no steps to remediate them. Additionally, such analysis may locate only one of a plurality of vulnerabilities, particularly when those vulnerabilities occur at or near a control-flow construct, where a plurality of execution paths may be taken, so that a vulnerability on one branch is reported while an equivalent vulnerability on a sibling branch is not. Analysis and remediation become even more complex in source code that makes use of modern programming paradigms such as object-oriented programming, inversion of control, dependency injection, and aspect-oriented programming. Failure to remediate such source code security vulnerabilities may make computer systems less stable, less available, and/or less secure, leading to a degraded experience for users of those systems.
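The following is an added example and is not part of the original text nor any implementation it describes. It illustrates, in miniature, the two points made above: a static analyzer built on Python's standard-library `ast` module that inspects source without executing it and reports a dangerous sink on every control-flow branch rather than stopping at the first hit, followed by a simple automated remediation step (rewriting `eval(x)` to `ast.literal_eval(x)`). The sample source, the sink list, and the choice of `literal_eval` as the replacement are assumptions made for illustration; `literal_eval` deliberately narrows the accepted input to Python literals, so a real remediation would need to confirm that the surrounding code tolerates that change.

```python
"""Toy static analyzer: report dangerous calls on every control-flow branch,
then remediate one class of finding. Added example; not from the original page."""
import ast
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample input: the same kind of sink appears on three separate
# execution paths (if / elif / else-try), plus one safe call on the except path.
SAMPLE_SOURCE = '''
import os, subprocess

def run(cmd, mode, payload):
    if mode == "legacy":
        return os.system(cmd)                          # path 1
    elif mode == "shell":
        return subprocess.run(cmd, shell=True)         # path 2
    else:
        try:
            return eval(payload)                       # path 3
        except Exception:
            return subprocess.run(["ls"], shell=False)  # safe: no shell
'''

# Assumed sink list for this illustration only.
ALWAYS_DANGEROUS = ("os.system", "eval", "exec")


@dataclass(frozen=True)
class Finding:
    line: int
    sink: str


def _call_name(node: ast.Call) -> str:
    """Dotted name of the callee, e.g. 'os.system', 'subprocess.run', 'eval'."""
    parts = []
    func = node.func
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
    return ".".join(reversed(parts))


def _classify(node: ast.Call) -> Optional[str]:
    """Return a sink label if this call is dangerous, else None."""
    name = _call_name(node)
    if name in ALWAYS_DANGEROUS:
        return name
    if name.startswith("subprocess."):
        for kw in node.keywords:
            # shell=True hands the argument to a shell, enabling injection.
            if kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True:
                return f"{name}(shell=True)"
    return None


def find_all(source: str) -> List[Finding]:
    """Walk the whole tree, so each branch of an if/elif/else or try is inspected."""
    tree = ast.parse(source)
    findings = [
        Finding(node.lineno, sink)
        for node in ast.walk(tree)
        if isinstance(node, ast.Call) and (sink := _classify(node)) is not None
    ]
    return sorted(findings, key=lambda f: f.line)


class ReplaceEval(ast.NodeTransformer):
    """Rewrite eval(x) to ast.literal_eval(x) and record each rewritten line."""

    def __init__(self) -> None:
        self.changed: List[int] = []

    def visit_Call(self, node: ast.Call) -> ast.AST:
        self.generic_visit(node)  # descend first so nested calls are handled
        if _call_name(node) == "eval":
            self.changed.append(node.lineno)
            node.func = ast.Attribute(
                value=ast.Name(id="ast", ctx=ast.Load()), attr="literal_eval", ctx=ast.Load()
            )
        return node


def remediate(source: str) -> Tuple[str, List[int]]:
    """Apply ReplaceEval and return (new_source, lines_changed).

    An 'import ast' is prepended when a rewrite actually happened, so the
    remediated module still runs stand-alone.
    """
    tree = ast.parse(source)
    transformer = ReplaceEval()
    tree = transformer.visit(tree)
    if transformer.changed:
        tree.body.insert(0, ast.Import(names=[ast.alias(name="ast")]))
    ast.fix_missing_locations(tree)
    return ast.unparse(tree), transformer.changed


if __name__ == "__main__":
    for f in find_all(SAMPLE_SOURCE):
        print(f"line {f.line}: {f.sink}")
    new_source, changed = remediate(SAMPLE_SOURCE)
    print(f"rewrote eval() on lines {changed}; remaining findings: {len(find_all(new_source))}")
```

Running the module lists one finding per branch (lines 6, 8 and 11 of the sample) and then shows that the remediation removes only the `eval` finding, leaving the `os.system` and `shell=True` sinks for a separate fix; a scanner that stopped at the first match inside the `if` would have reported only line 6.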